News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • The September 2020 Microsoft patches

    Home Forums AskWoody blog The September 2020 Microsoft patches

    • This topic has 37 replies, 19 voices, and was last updated 1 week ago.
    Viewing 22 reply threads
    • Author
      Posts
      • #2294900 Reply
        woody
        Da Boss

        The patches are out. I see 189 new entries in the Microsoft Update Catalog, plus 23 Intel microcode updates that were released last week. Stay tuned..
        [See the full post at: The September 2020 Microsoft patches]

        5 users thanked author for this post.
      • #2294901 Reply
        PKCano
        Da Boss

        AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on September 8, 2020.

        There are Security-only and IE11 Cumulative Updates for those with Win7 ESU subscriptions.
        September Rollup KB4577051 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.
        You must have August Servicing Stack KB4570673 previously installed to receive these updates)

        There is no new  September Servicing Stack at this time for those with Win7 ESU subscriptions.

        For those of you attempting to install Win7 updates for .NET 4.5.2 and later (patches with the .exe extension), see post #2287984 . Also see #2294972.

        There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

        9 users thanked author for this post.
        • #2294992 Reply
          BobT
          AskWoody Lounger

          @PKCano Windows 7 Sep Security Only (KB4577053) is incorrectly listed as KB4377053 in AKB2000003.

          Just needs the 3 correcting to a 5.

          1 user thanked author for this post.
      • #2294910 Reply
        Microfix
        AskWoody MVP

        kb4566371 x64/x86 DST changes yukon/canada for Win7 ESU also and…no SSU this month!

        Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
        1 user thanked author for this post.
        • #2294918 Reply
          Moonbear
          AskWoody Lounger

          Is the absence of an SSU patch a good thing or a bad thing?

          1 user thanked author for this post.
          • #2294923 Reply
            Microfix
            AskWoody MVP

            less hassle but generally..neither, MSFT must feel confident the most recent service stack is fit for purpose this month.

            Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
            1 user thanked author for this post.
        • #2294934 Reply
          gkarasik
          AskWoody Plus

          As there’s no new Servicing Stack update for this month, do we have to manually install the one from last month?

          GaryK

          • This reply was modified 1 week, 4 days ago by gkarasik.
          • #2294938 Reply
            Microfix
            AskWoody MVP

            Not if you already have it installed

            Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
            2 users thanked author for this post.
        • #2294994 Reply
          DrBonzo
          AskWoody Plus

          A minor note: according to the support page for KB4566371 (DST Yukon), this KB is included in the September Rollup for Win 8.1, KB4577066. (The DST Yukon patch also applies to some other versions of Windows, see the support page link below).

          https://support.microsoft.com/en-us/help/4566371/dst-changes-in-windows-for-yukon-canada

      • #2294920 Reply
        Coldheart9020
        AskWoody Lounger

        Windows 10 Pro 1909 x64 – I have been offered KB4574727 (2020-09 CU), KB4576484 (2020-09 .NET CU) as well as KB890830, the now-quarterly Malicious Software Removal Tool.

        I have manually downloaded the MSRT standalone .msu from the Update Catalog, but have yet to run and install it.

        • #2294926 Reply
          PKCano
          Da Boss

          It is OK to install MSRT through Windows Update.

          2 users thanked author for this post.
          • #2294943 Reply
            Coldheart9020
            AskWoody Lounger

            That’s how I’ve installed MSRT in the past, but installing it manually via the catalog will allow me to hold off on the two other updates from WU – without first hiding them – until MS-DEFCON 3 or higher.

            1 user thanked author for this post.
      • #2294946 Reply
        anonymous
        Guest

        cve-2020-0922 Looks quite critical
        https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922

        Do all the Intel updates come via Windows Update?

        • #2294956 Reply
          EP
          AskWoody_MVP

          only if you have an affected Intel CPU

          but sometimes these Intel microcode updates from MS can be pushed to AMD users – so AMD users may need to use wushowhide.diagcab to hide/block those kinds of updates

      • #2294968 Reply
        geekdom
        AskWoody Plus

        Windows 1909 TestBeta
        September 8, 2020

        Checked for updates with WUmgr:

        • Windows Malicious Software Removal Tool x64 – v5.83 (KB890830)
        • 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484)
        • 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727)

        Installed updates from Windows Update in order shown installed:

        • 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727)
        • Windows Malicious Software Removal Tool x64 – v5.83 (KB890830)
        • 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484)

        I was prompted to reboot, so I rebooted without error, and checked for updates again using Windows Updates.

        • There were no updates pending.
        • 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727) showed installed.
        • 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484) showed installed.

        Under WUMgr, all three updates showed installed:

        • Windows Malicious Software Removal Tool x64 – v5.83 (KB890830)
        • 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484)
        • 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727)
        G{ot backup} TestBeta
        offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 WindowsDefender
        online▸ Win10Pro 1909.18363.1082 x64 i5-9400 RAM16GB HDD Firefox81.0 WindowsDefender
        TargetReleaseVersion=1909
        WUMgr
        4 users thanked author for this post.
      • #2294974 Reply
        jayinalaska
        AskWoody Plus

        According to this article at bleepingcomputer.com, this month’s servicing stack update (SSU) for Windows 10 will make changes that will allow the SSU to be bundled with cumulative updates (CUs) starting with October’s Windows 10 CU. September’s SSU is the last standalone SSU.

        No mention is made (that I saw) whether this change will be made for Windows 8.x or Windows 7.

        • #2294997 Reply
          anonymous
          Guest

          That change only affects Windows Server Update Services (WSUS) and Microsoft Catalog, as servicing stack update (SSU) and latest cumulative update (LCU) are already bundled via Windows Update:

          Simplifying on-premises deployment of servicing stack updates

          1 user thanked author for this post.
        • #2295396 Reply
          anonymous
          Guest

          The “bundled SSU” improvement for Microsoft Update Catalog and WSUS or Configuration Manager is explained much better in this ghacks.net article:

          Currently, when you are installing updates manually on a Windows 10 system or are using update management solutions such as WSUS or Configuration Manager, you may run into update installation issues if an update depends on a particular Servicing Stack update that is not installed. Windows will quit the installation of the update with the error “update isn’t applicable” and it is up to the system administrator to figure out why it cannot be installed on the device.

          Starting in September 2020, and only for Windows 10 version 2004 and Servicing Stack update September 2020, or later, this behavior is a thing of the past. Cumulative updates for Windows 10 will include the Servicing Stack update that the cumulative update requires so that the error should not be thrown anymore.

          Microsoft integrates Servicing Stack Updates in Windows 10 cumulative updates

      • #2294981 Reply
        Microfix
        AskWoody MVP

        Win8.1 Pro x64: Sept 2020 – KB4577066 SMQR installed
        (MSRT disabled from WU so I wouldn’t know if there was one available or not)

        Sept

        Post patch checks:
        Event viewer – displays no errors/ nothing unusual
        Task Scheduler – no changes made to my settings.
        Local Printer – Canon PXMA prints fine

        Performance/ Data Collector Sets:
        Diagtrack – re-enabled via Event Trace Sessions. I have diagtrack removed, better luck next-time 😉
        SQMLogger – remained disabled in Startup Event Trace Sessions.
        Ran abbodi’s script to eradicate telemetry points, all good.
        Should anything go south, it’ll be posted here.

        Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
        Attachments:
        4 users thanked author for this post.
      • #2294986 Reply
        NetDef
        AskWoody_MVP

        Two articles about a month apart are — to me — revealing a serious (and so far un-announced) vuln in WSUS that’s being mitigated quietly.

         

        From August we got this post:

        ( Microsoft recommends using HTTPS with Windows Server Update Services (WSUS).)

        https://techcommunity.microsoft.com/t5/windows-it-pro-blog/security-best-practices-for-windows-server-update-services-wsus/ba-p/1587536

        It’s interesting because HTTPS internally has long been considered a best practice, but not enforced in any way should the sysadmins choose to use HTTP between the server and client machines.

        Now today we see:

        https://techcommunity.microsoft.com/t5/windows-it-pro-blog/changes-to-improve-security-for-windows-devices-scanning-wsus/ba-p/1645547

        Referring to this line:  “To ensure that your devices remain inherently secure, we are no longer allowing HTTP-based intranet servers to leverage user proxy by default to detect updates”

        My suspicion is high here.  This only makes sense on an internal environment where a bad actor could spoof updates via a software proxy.  And malware proxies are nothing new, but this indicates that perhaps the cert check on updates packages is not as secure as we’ve assumed.

         

        ~ Group "Weekend" ~

        1 user thanked author for this post.
      • #2294995 Reply
        bbearren
        AskWoody MVP

        I got two Defender definition updates earlier this morning, and a third came along for the ride along with

        KB890830 Windows Malicious Software Removal Tool x64 – v5.83
        KB4571750 Cumulative Update for Windows 10 Version 2004 for x64-based Systems
        KB4576478 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64

        No hiccups, O&O ShutUp 10 shows no changes.  A couple of things, though.  My video editing software usually took 3 or 4 seconds to load after acknowledging the UAC prompt, now ~2 seconds.  Also, View update history under Windows Update had a pause before displaying the history, now pops up almost immediately.

        So I checked a few more, and all that I’ve tried so far launch noticeably quicker.  Interesting.

        Now on Windows 10 Pro Version 2004 (OS Build 19041.508).

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        1 user thanked author for this post.
        • #2295117 Reply
          bbearren
          AskWoody MVP

          The same updates were pushed overnight to my NAS and Dell Latitude E5420.

          No hiccups.

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • #2295052 Reply
        Berserker79
        AskWoody Lounger

        I just noticed the following note added to the KB article of the latest .NET Framework CU released for Windows 10 1809, i.e. KB4576627:

        Important

        This update is included in the Cumulative Update that’s dated September 8, 2020. Parts of this update were previously released in the Cumulative Update that’s dated August 20, 2020.

        Is the “Cumulative Update that’s dated September 8, 2020” supposed to be a reference to the 2020-09 Cumulative update KB4570333 for Version 1809 (KB4570333)? If so, does this mean that by installing KB4570333 there is no need to install KB4576627?

        • #2295074 Reply
          PKCano
          Da Boss

          “B” week updates (Patch Tuesday) are Security updates.
          Updates released after Patch Tues (on “C,” “D,” “E,” weeks = “Previews”) contain the non-Security fixes  that will be included in the next “B” week (Patch Tues) update.

          So, if you install a Patch Tues Cumulative update, you have installed the previous month’s CU + all the non-security “Previews” released after the last Patch Tues.

          Cumulative updates (whether “B” week Security CUs or “C,” “D,” “E,” week  non-Security “Preview” CUs contain the patches from a previous date. The “Previews” just contain the untested fixes to be added to the next month’s CU.

          1 user thanked author for this post.
        • #2295129 Reply
          abbodi86
          AskWoody_MVP

          .NET 4.x got new security updates, .NET 3.5 Family didn’t

          the CU (or Rollup on Win 7/8.1) include both, new September one for 4.x and August one for 3.5

          4 users thanked author for this post.
          • #2295307 Reply
            Berserker79
            AskWoody Lounger

            Thanks, now I understand what that “Important” notice it’s talking about! I thought it was talking about the Win10 CU, not the previous .NET CU, my mistake (but I do find the language of that notice a bit too unclear). Anyway, this means that once we have the proper MS-DEFCON level I will install both the Win10 CU KB4570333 and the .NET CU KB4576627.

      • #2295071 Reply
        anonymous
        Guest

        Hi,

        FYI Feedback on the Cumulative 2020-09 Updates can be seen here:

        Reddit: https://www.reddit.com/r/Windows10/comments/ioxn7d/cumulative_updates_september_8th_2020/

        Microsoft community Forum:

        https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-september-2020/0274dd2e-a83f-4de4-be75-c17b45fbcc26

        Cheers.

        1 user thanked author for this post.
      • #2295115 Reply
        Microfix
        AskWoody MVP

        To exploit the vulnerability, an attacker would first have to log on to the target system and then run a specially crafted application.

        Which is hardly a “Remote Code Execution” vulnerability. It’s listed as “Critical.”

        ah but! (thinking outside the box) the end-user can be ‘remote code executed’ by telephone scammers putting the user into a false sense of security and allowing/authorising miscreants to access their device so, I’d say it’s critical based on this scenario/assumption.

        Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
        1 user thanked author for this post.
        • #2295130 Reply
          Moonbear
          AskWoody Lounger

          Especially since it seems like we may never reach a point where people understand that companies like Microsoft or Google will never call you if your computer has an issue.

        • #2295508 Reply
          Skider86
          AskWoody Lounger

          The exploit could be posted on a web site easily where someone clicks on it, or even placed in an advertisement…the possibilities are endless so these should be patched ASAP.

      • #2295213 Reply
        anonymous
        Guest

        Anyone elses system get a BSOD when trying to shutdown after the update? Mine did, it restarted and seems OK now

        • #2295218 Reply
          PKCano
          Da Boss

          Anyone elses system get a BSOD when trying to shutdown after the update?

          “System” meaning Win7, Win8.1, Win10 (vhich version)?
          Meaning laptop or desktop?
          Which update are you referring to?

          • #2295222 Reply
            anonymous
            Guest

            Sorry wasnt very specific.

            Win 10 desktop version 1909. Installed the latest Patch Tuesday updates, system rebooted fine and carried on using the PC. Came to shut it down, soon as i pressed shutdoon got the BSOD message, but it was all scrambled. Few seconds later it rebooted back into the desktop.

            Never had the issue before on my 6 month old PC, could have been another cause but seems odd it was right after installing the latest round of updates

            1 user thanked author for this post.
            • #2295225 Reply
              PKCano
              Da Boss

              If it happens again, see if you can get the error message or the Stop code. So far, we haven’t had any other report of a BSOD, but it’s early in the game after Patch Tuesday.

              1 user thanked author for this post.
              • #2295395 Reply
                anonymous
                Guest

                Managed to open the dump file of my BSOD after installing the updates. I dont know enough about them to analysis it properly, i will post what i think is relevant here:

                SYSTEM_SERVICE_EXCEPTION (3b)
                Arg1: 00000000c0000005, Exception code that caused the bugcheck
                Arg2: ffffa6e99df4301c, Address of the instruction which caused the bugcheck
                Arg3: ffffce005e56f830, Address of the context record for the exception that caused the bugcheck
                Arg4: 0000000000000000, zero.
                SYMBOL_NAME:  win32kbase!MousePerfSummary::CollectMousePerfTelemetry+8c
                
                MODULE_NAME: win32kbase
                
                IMAGE_NAME:  win32kbase.sys
                
                IMAGE_VERSION:  10.0.18362.1082
                
                STACK_COMMAND:  .cxr 0xffffce005e56f830 ; kb
                
                BUCKET_ID_FUNC_OFFSET:  8c
                
                FAILURE_BUCKET_ID:  0x3B_c0000005_win32kbase!MousePerfSummary::CollectMousePerfTelemetry
                
                OS_VERSION:  10.0.18362.1
                
                BUILDLAB_STR:  19h1_release
                
                OSPLATFORM_TYPE:  x64
                
                OSNAME:  Windows 10
                
                FAILURE_ID_HASH:  {ffe0a877-96ff-baa1-95d7-637af0086417}
                
                

                MVP Edit: This post pertains to #2295213

                1 user thanked author for this post.
      • #2295242 Reply
        arbrich
        AskWoody Plus

        Got 2 users already that are having problems installing the September updates, They both already had 2004 but they get to 84% and 100% and then it is stuck overnight and then backs itself out and throws error. I am pausing them a month and hoping MS fixes issues. The lack of testing they are doing these days is CRIMINAL !!!!! Both machines are older Dell laptops 1 Inspiron 5558  and 1 Lattitude 3440.

         

         

        • #2295244 Reply
          PKCano
          Da Boss

          Do you have any error codes after the rollbacks?
          Home or Pro?

          • #2295284 Reply
            arbrich
            AskWoody Plus

            windows update error 0x800f0922

            I uninstalled .net and re-installed and tried again with no luck.

             

      • #2295253 Reply
        CADesertRat
        AskWoody Plus

        A question on the .NET patches. In July and Aug. I got the “Preview” .NET patches but no cumulative “regular” ,NET patches. Does this mean that I need to get them from the MS Catalog or are the “Preview” patches all that I need? I haven’t done September as we are at Defcon 2.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

      • #2295325 Reply
        Microfix
        AskWoody MVP

        1st reported patch casualty in W10 is KB4571756 breaking Windows Subsystem for Linux 2 (WSL 2)

        Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L
        1 user thanked author for this post.
      • #2295591 Reply
        anonymous
        Guest

        Win 10 Pro 1909 64 bit.  Downloaded SSU KB4576751 and September CU KB4574727 from MS Update Catalog, standalone installed OK, test system stable for 2 days.

      • #2295620 Reply
        PKCano
        Da Boss

        I have updated to Sept. patches, using Rollups and CUs but no Previews, the following with no problems (so far):

        3 Win7 Pro & Ultimate (one 32-bit) using @abbodi86 ‘s script
        1 Win7 Ultimate EOL (MSRT and Office 2010)
        4 Win8.1 Pro (one 32-bit)
        2 Win10 Pro v1909
        1 Win10 Pro v2004

        I can’t say as much for my Win10 Pro Dev Channel Insider Preview which keeps hanging at the second boot on install for EVERY Build after Build 20161.1000  (July 1, 2020). I have tried through Windows Update, from the ISO, and a clean install. Microsoft has broken something in the Dev Channel.
        I have no problem installing and updating the Beta Channel Builds 19042.xxx.

      • #2295790 Reply
        Alex5723
        AskWoody Plus

        Win10 version 2004 cumulative update KB 4571756 appears to contain the fix that updates the defrag date, but it doesn’t fix the TRIM command running on hard drives

        I haven’t notice before that my internal WD 1TB HDD is a SMR drive with TRIM command.

        • This reply was modified 1 week ago by Alex5723.
        Attachments:
      • #2296102 Reply
        WindowsPersister
        AskWoody Plus

        Two issues that each occurred immediately after installing a September update.  I eventually installed them all, perhaps unwisely, because of fear about insecurities in Windows.  I have 64-bit Windows 10 Pro 2004, now fully updated, on a desktop.

        ISSUE 1:  I installed KB4576478 on 2020-09-10 (.NET Framework 3.5 and 4.8), because it seemed wise to update .NET.  Ever since, I get the blue window ‘Just a moment . . .’ after every login.  It stays there for nearly four minutes, then every is normal.   I have not the slightest idea how to get rid of it, but it is really annoying me and slowing me down.

        ISSUE 2:  I installed KB4571756 on 2020-09-13 (the big cumulative update for 2004), in the forlorn hope that this might possibly fix the ‘Just a moment . . .’ problem.  Ever since, I cannot use NordLynx with NordVPN — NordLynx uses WireGuard.  No real worries here, because Nord’s OpenVPN works with no problems, both TCP and UDP, but why the issue with Wireguard?

        I can only report.  I leave it to experts to diagnose what caused these issues — and hopefully how I can removed the wretched blue window ‘Just a moment . . .’.

         

      • #2296252 Reply
        anonymous
        Guest

        Microsoft’s Knowledge Base article webpages for the Office Updates are still bloated, contain spyware, or something else.  Even though my PC only has 2 GB RAM, it used to be able to open 5 of them in IE11 w/o a problem. Since 2020, it can only handle 2 (Office or Windows Updates) before IE is overloaded. I know RAM is cheap but my business can’t afford it or a new PC.

        1 user thanked author for this post.
      • #2296806 Reply
        EP
        AskWoody_MVP

        new “preview” updates are out this Wed. Sept. 16:

        KB4577062 for 1903/1909:
        https://support.microsoft.com/help/4577062/

        KB4577069 for 1809:
        https://support.microsoft.com/help/4577069/

        along with new .NET “preview” updates
        KB4576947 for 1903/1909:
        https://support.microsoft.com/help/4576947

        KB4577324 for 1809 + .NET 3.5/4.72/4.8
        https://support.microsoft.com/help/4577324

        KB4576946 for 1809 + .NET 3.5/4.8
        https://support.microsoft.com/help/4576946

    Viewing 22 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: The September 2020 Microsoft patches

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.